Amazon Web Service (AWS)

NAT Gateway

Network

NAT Gateway is an Amazon Network Address Translation (NAT) service that allows you to connect instances in a private network to external services outside your VPC, while those services can’t initiate a connection to those instances.

Costs

The cost of using NAT Gateway depends on the amount of data processed through it. Basic data transfer costs for NAT Gateway start at $0.045 per GB and decrease as the amount of data processed increases. Additionally, there is an hourly charge for each NAT Gateway that is running.

Direct Cost

NatGateway-Hours

NatGateway-Bytes

DataTransfer-Regional-Bytes

<Region>-<Region>-AWS-Out-Bytes

‍

Indirect Cost

No items found.

Terraform Name

aws_nat_gateway

NAT Gateway

attributes:

allocation_id - (Optional) The Allocation ID of the Elastic IP address for the gateway. Required for connectivity_type of public.
connectivity_type - (Optional) Connectivity type for the gateway. Valid values are private and public. Defaults to public.
subnet_id - (Required) The Subnet ID of the subnet in which to place the gateway.
tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

‍

Associating resources with a

NAT Gateway

Resources do not "belong" to a

NAT Gateway

Rather, one or more Security Groups are associated to a resource.

Create

NAT Gateway

via Terraform:

The following HCL creates a public NAT gateway in the specified subnet and associates the Elastic IP address with the specified allocation ID. When you create a public NAT gateway, you must associate an Elastic IP address

Syntax:

resource "aws_nat_gateway" "example" {
allocation_id = aws_eip.example.id
subnet_id = aws_subnet.example.id

tags = {
Name = "gw NAT"
}

# To ensure proper ordering, it is recommended to add an explicit dependency
# on the Internet Gateway for the VPC.
depends_on = [aws_internet_gateway.example]
}

Create

NAT Gateway

via CLI:

Parametres:

create-nat-gateway
[--allocation-id <value>]
[--client-token <value>]
[--dry-run | --no-dry-run]
--subnet-id <value>
[--tag-specifications <value>]
[--connectivity-type <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]
[--no-cli-pager]
[--cli-auto-prompt]
[--no-cli-auto-prompt]